Provider arguments

As we have seen in Chapter 5, Low-Level Network Device Interactions, and Chapter 6, APIs and Intent-Driven Networking, network equipment can be reached via either SSH or an API, depending on the platform and software release. All core networking modules implement a provider argument, which is a collection of arguments used to define how to connect to the network device. Some modules support only cli, while others support additional values, for example, Arista EAPI and Cisco NXAPI. This is where Ansible's "let the vendor shine" philosophy is demonstrated. Each module's documentation states which transport methods it supports.

Starting with Ansible 2.5, the recommended way to specify the transport method is by using the connection variable. You will start to see the provider parameter being gradually phased out from future Ansible releases. Using the ios_command module as an example (https://docs.ansible.com/ansible/latest/modules/ios_command_module.html#ios-command-module), the provider parameter still works, but is labeled as deprecated. We will see an example of this later in this chapter.

Some of the basic arguments supported by the provider transport are as follows:

  • host: This defines the remote host
  • port: This defines the port to connect to
  • username: This is the username to be authenticated
  • password: This is the password to be authenticated
  • transport: This is the type of transport for the connection
  • authorize: This enables privilege escalation for devices that require it
  • auth_pass: This defines the privilege escalation password

As you can see, not all arguments need to be specified. For example, in our previous playbooks, our user is always at the admin privilege level when logged in; therefore, we do not need to specify the authorize or the auth_pass arguments.

These arguments are just variables, so they follow the same rules for variable precedence. For example, I can change cisco_3.yml to cisco_4.yml and observe the following precedence:

    ---
    - name: Configure SNMP Contact
      hosts: "nexus_by_name"
      gather_facts: false
      connection: local

      vars:
        # Playbook-level connection details, passed to the task as the provider
        cli:
          host: "{{ ansible_host }}"
          username: "{{ username }}"
          password: "{{ password }}"
          transport: cli

      tasks:
        - name: configure snmp contact
          nxos_snmp_contact:
            contact: TEST_1
            state: present
            # Task-level credentials take precedence over those in the provider
            username: cisco123
            password: cisco123
            provider: "{{ cli }}"

          register: output

        - name: show output in output["end_state"]["contact"]
          debug:
            msg: '{{ output["end_state"]["contact"] }}'

        - name: show output in output.end_state.contact
          debug:
            msg: '{{ output.end_state.contact }}'

The username and password defined on the task level will override the username and password at the playbook level. I will receive the following error when trying to connect because the user does not exist on the device:

    PLAY [Configure SNMP Contact]
    **************************************************

    TASK [configure snmp contact]
    **************************************************
    fatal: [switch2]: FAILED! => {"changed": false, "failed": true,
    "msg": "failed to connect to 192.168.199.149:22"}
    fatal: [switch1]: FAILED! => {"changed": false, "failed": true,
    "msg": "failed to connect to 192.168.199.148:22"}
    to retry, use: --limit
    @/home/echou/Master_Python_Networking/Chapter7/cisco_4.retry

    PLAY RECAP
    *********************************************************************
    switch1 : ok=0 changed=0 unreachable=0 failed=1
    switch2 : ok=0 changed=0 unreachable=0 failed=1
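
The following is an added example, not taken from the book: the same play written with the connection variables recommended since Ansible 2.5, with a comment on each line showing which provider argument it replaces. The variable name vault_nxos_password is hypothetical (it stands for a secret kept in an Ansible Vault file), and username is assumed to be defined in inventory as in the earlier playbooks.

```yaml
---
# Added example: provider arguments expressed as connection variables.
- name: Configure SNMP Contact
  hosts: "nexus_by_name"
  gather_facts: false
  connection: network_cli          # replaces provider "transport: cli"

  vars:
    ansible_network_os: nxos       # selects the NX-OS platform plugins
    ansible_user: "{{ username }}" # replaces provider "username"
    # Replaces provider "password"; vault_nxos_password is a hypothetical
    # variable loaded from an encrypted vault file.
    ansible_password: "{{ vault_nxos_password }}"
    # provider "host" -> ansible_host, already set per device in inventory
    # provider "port" -> ansible_port (only needed for a non-default port)
    # provider "authorize" / "auth_pass" -> for devices that need enable mode:
    #   ansible_become: true
    #   ansible_become_method: enable
    #   ansible_become_pass: "{{ vault_enable_password }}"   # hypothetical

  tasks:
    - name: configure snmp contact
      nxos_snmp_contact:
        contact: TEST_1
        state: present
        # No username, password or provider here: with a single source of
        # credentials there is nothing at task level to shadow it.
      register: output

    - name: show output in output.end_state.contact
      debug:
        msg: "{{ output.end_state.contact }}"
```

Because the credentials now live in one place, a stray task-level username or password can no longer silently take precedence the way cisco123 did in cisco_4.yml.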